Police Log IPs, Making Arrest By Planting Own Nodes In Freenet

Law enforcement authorities have been planting their own nodes in Freenet in order to track down cyber criminals on the network. Freenet is an anonymous P2P network that routes traffic through multiple nodes to hide the location of users when they share files. The media often cite Freenet as part of the dark web because of its anonymization efforts. However, it now appears that the network has been under police surveillance.

Court records state that in the case of Paul Bradley Meagher, a University of Dakota police officer who was arrested for downloading child porn from Freenet, the North Dakota Bureau of Criminal Investigation had been running an undercover operation in the network since 2011, planting its own nodes in the P2P file sharing service. This allowed the law enforcement authorities to log the IP addresses of the users they surveilled and track them down; knowing the locations of the targeted people, the police were able to arrest them.

A Dakota student news site describes how, according to the charge in the case, Investigating Officer Jesse Smith managed to acquire Bradley’s laptop, which was still running Freenet on the university Wi-Fi network at the time. The ex-police officer was charged with 10 counts of possessing child porn images. Each count could carry 5 years, which could result in 50 years of prison for Bradley.

The Grand Forks Herald states that Detective Jesse Smith admitted in the affidavit that her department was running nodes in Freenet in order to track people downloading files, including a list of known child porn files, using hashes from the police database.

When journalists contacted the Bureau of Criminal Investigation of North Dakota, the law enforcement agency declined to comment on the case. However, hacker10.com has found some information regarding an ICAC (Internet Crimes Against Children) Task Force operation, “Black Ice Project”, running a Freenet Workshop in 2014. They quoted this on their website:

“This session will describe the basic functioning of Freenet, how persons exchanging child abuse material, the system’s vulnerabilities and how the Black Ice project exploits them.”

9 comments

If Bradley had a modicum of common sense, he would have downloaded only from Onionland using Tails via bridges and anonymous Wi-Fi hotspots with military-grade encryption, such as TrueCrypt. He would have hidden his USB drives around his house, creating at least several “spoof” drives that were indistinguishable from his real one(s), perhaps even using hardware encryption in addition to software encryption, such as those thumb drives sold by Aegis. Instead, he is going to the pokey for having been dumb.

Doesn’t using anonymous Wi-Fi spots, like random coffee houses, potentially expose you to backdoors as well as Wi-Fi spoofing if LE suspects that location?
The Tor website does not endorse that method over simply using your own ISP.

How did the cops manage to make the pedo’s computer choose their nodes so as to expose his IP? Doesn’t it randomly choose available nodes unless you choose specific ones? At least that is how I2P works.

Vary your anonymous Wi-Fi access points as much as possible (“never the same place twice,” if possible). As long as you are using a Tor bridge and full system encryption, you should be completely safe.

I hate pedos, so don’t get me wrong about that! But, it seems like Meagher was framed. As a trained LE officer, he would have known about whole-disk encryption. My guess is that the “evidence” was planted.

It is a strange case for several reasons. Such a “big story” about “breaking Freenet” is carried out by local law enforcement of North Dakota, not the FBI? If vulnerabilities in Freenet were as obvious as the “Black Ice Project” suggests, then why has just 1 guy been caught by now and not hundreds or thousands nationwide and worldwide? Even more strange is that local law enforcement catches a local guy while Freenet is running all over the globe.

This leads to some plausible scenarios for how it could have happened:

A. They logged the IP addresses of Freenet opennet peer contacts for an opennet node that they placed until they found a local IP that fell within their jurisdiction. Here they could contact the ISP and install some local surveillance, then record all his internet traffic and understand when it contained criminal content. This could even be traffic from outside Freenet as they now had access to all his traffic. It would be plausible that this could be a strategy for local law enforcement rather than federal agencies.

B. They placed a darknet node and by this came close to their victim. Though this could have been a strategy of the FBI, too, it could be facilitated via local, meaning real world, contacts. One should consider other arrests regarding this kind of crime before. Imagine they caught someone before for other reasons outside of Freenet and discovered that he was a Freenet darknet node, then took over this darknet node to investigate its connections. That guy could have been caught for other reasons but after they realized the value of the darknet node, they focused on this.

Anyway, as long as there are not a lot of further busts amongst Freenet users during maybe the next 6 months, it is likely that this is a story of more unique circumstances than a vital and fundamental threat to the Freenet network as a whole.

I wrote a small 238 KB script that actually utilizes some of VeraCrypt to encrypt your IP. If any two or all of the people are encouraged to use my IP-Crypt script then everyone would basically be IPless. It also encrypts the first 4 hops out of your local ISP provider. It’s clever, but it works and I’m blown away.